package com.robot.mannge.common.config.security;

import com.robot.mannge.common.config.security.handler.AnonymousAuthenticationHandler;
import com.robot.mannge.common.config.security.handler.CustomerAccessDeniedHandler;
import com.robot.mannge.common.config.security.handler.LoginFailHandler;
import com.robot.mannge.common.config.security.handler.LoginSuccessHandler;
import com.robot.mannge.common.utils.MDEncoderHelper;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import javax.annotation.Resource;

/**
 * @Author: Smile
 * @Date: 2024/01/30/12:48
 * @Description:
 */

/**
 * springSecurity配置
 */
@Configuration
@EnableWebSecurity//开启springSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
    @Resource
    private CustomerUserDetailsService customerUserDetailsService;

    @Resource
    private LoginSuccessHandler loginSuccessHandler;

    @Resource
    private LoginFailHandler loginFailHandler;

    @Resource
    private CustomerAccessDeniedHandler customerAccessDeniedHandler;

    @Resource
    private AnonymousAuthenticationHandler anonymousAuthenticationHandler;

    /**
     * 加密
     * @return
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }


    /**
     * 处理登录认证
     * @param http the {@link HttpSecurity} to modify
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //登录过程的处理
   /*     http.formLogin()
                .successHandler(loginSuccessHandler)
                .failureHandler(loginFailHandler)
                .and()
                .authorizeRequests()
                .anyRequest()
                .authenticated();*/

        http.cors().and().csrf().disable() // 关闭CSRF保护和启用CORS
            .authorizeRequests()
                .antMatchers(HttpMethod.POST,"/api/user/login").permitAll()//登录请求放行
                .anyRequest().authenticated()//其他的请求直接拦截
                .and()
            .formLogin()//表单登录
                .loginProcessingUrl("/api/user/login")//登录地址请求
                .successHandler(loginSuccessHandler)//登录认证成功的处理器
                .failureHandler(loginFailHandler)//登录认证失败的处理器
                .and()
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)//不创建session
                .and()
            .exceptionHandling()//异常访问
                .authenticationEntryPoint(anonymousAuthenticationHandler)//匿名访问
                .accessDeniedHandler(customerAccessDeniedHandler);//认证用户无权限访问

        //super.configure(http);
    }

    /**
     * 配置认证处理器的方法
     * @param auth the {@link AuthenticationManagerBuilder} to use
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(customerUserDetailsService).passwordEncoder(passwordEncoder());

    }



}
